Use when users need to implement, integrate, debug, build, deploy, or validate a Web frontend after the product direction is already clear, especially for React, Vue, Vite, browser flows, or CloudBase Web integration.
Installation
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Use when users need to implement, integrate, debug, build, deploy, or validate a Web frontend after the product direction is already clear, especially for React, Vue, Vite, browser flows, or CloudBase Web integration.
version
2.23.1
alwaysApply
false
Standalone Install Note
If this environment only installed the current skill, start from the CloudBase main entry and use the published cloudbase/references/... paths for sibling skills.
CloudBase main entry: https://cnb.cool/tencent/cloud/cloudbase/cloudbase-skills/-/git/raw/main/skills/cloudbase/SKILL.md
Current skill raw source: https://cnb.cool/tencent/cloud/cloudbase/cloudbase-skills/-/git/raw/main/skills/cloudbase/references/web-development/SKILL.md
Keep local references/... paths for files that ship with the current skill directory. When this file points to a sibling skill such as auth-tool or web-development, use the standalone fallback URL shown next to that reference.
Cross-cutting protocols (required before code changes or static hosting publish):
Official Account JSAPI Pay, Native QR-code Pay, or WeChat OAuth on CloudBase -> ../cloudbase-wechat-integration/SKILL.md (standalone fallback: https://cnb.cool/tencent/cloud/cloudbase/cloudbase-skills/-/git/raw/main/skills/cloudbase/references/cloudbase-wechat-integration/SKILL.md; official docs: https://docs.cloudbase.net/integration/introduce/index.md)
CloudBase database work -> matching database skill
Do NOT use for
Visual direction setting, prototype-first design work, or pure aesthetic exploration.
Mini programs, native Apps, or backend-only services.
WeChat payment or Official Account OAuth contract details; use cloudbase-wechat-integration after identifying the Web surface.
Common mistakes / gotchas
Starting implementation before clarifying whether the task is design or engineering execution.
Mixing framework setup, deployment, and CloudBase integration concerns into one vague change.
Treating cloud functions as the default solution for Web authentication.
Skipping browser-level validation after a UI or routing change.
History mode SPA with CloudBase static hosting: deploying a single-page app using History mode (React Router / Vue Router) without configuring the static hosting "404 error document" to index.html. This causes NoSuchKey / 404 errors when users refresh or directly visit any sub-route.
In an existing application, detouring into UI redesign or broad repo sweeps before patching the current handlers and services.
Engineering constitution (non-negotiable)
These rules override convenience. Treat them as a gate before saying "done".
1. TypeScript — do not silence the type system
Do NOT use any to bypass type errors. Not : any, not as any, not @ts-ignore, not @ts-nocheck, not @ts-expect-error without a written justification. any propagates silently and defeats the only compile-time safety net this project has.
When a type error appears, fix the root cause:
Missing / wrong library types → install @types/..., or narrow the import, or write a precise interface / type for the shape you actually use.
Shape is genuinely unknown at the boundary (JSON from an API, postMessage payload, window.* injection) → type it as unknown and narrow with a type guard (typeof, in, a discriminator field, or zod / equivalent).
Third-party type is wrong → augment via declare module in a local .d.ts, not any.
Truly dynamic case (e.g. generic event bus) → use a generic <T> with a constraint, not any.
unknown + narrowing is the acceptable escape hatch. any is not.
If you genuinely cannot avoid any for a specific line (extremely rare), leave a one-line comment with why and what would remove it, so reviewers can audit.
The same spirit applies to ESLint: do not sprinkle // eslint-disable to mute the real signal. Fix the rule violation, or discuss before disabling.
2. Self-verify before claiming done
Before making any non-trivial code or configuration change, you must first follow the Change Safety Protocol in cloudbase-platform/references/protocols/change-safety-protocol.md (declare impact → user confirmation → post-edit verification).
Before any static hosting publish or custom domain work, complete the checks in cloudbase-platform/references/protocols/deployment-gate.md.
Saying "I've implemented it" / "fixed it" / "it should work" without evidence is not acceptable. Before declaring completion, you must actually run the checks and report the result.
Static / build layer (always, when applicable):
tsc --noEmit (or vue-tsc --noEmit) passes cleanly — zero errors, zero suppressed diagnostics you added.
eslint / project linter passes on changed files.
The project's build command (npm run build / pnpm build / vite build) completes without new warnings that you introduced.
The project's unit tests pass if they exist and cover the touched area.
Runtime / browser layer (whenever the change affects rendering, routing, forms, auth, or async flows):
Use the agent-browser tool to actually open the page and reproduce the user-visible flow. Follow browser-testing.md for the concrete workflow.
Confirm: the target route loads, the interaction you claim to have fixed behaves the way you claim, no new console errors are introduced, and no regression in the adjacent routes you touched.
Record what you checked (route, action, expected result, actual result).
Only after both layers pass may you say the task is done. If either layer cannot be executed locally (e.g. blocked by credentials, missing backend, paid API), say so explicitly and list exactly which step is still unverified — do not gloss over it.
3. Do not paper over failures
Do not wrap broken logic in try { ... } catch {} to make the error go away.
Do not delete or skip a failing test to make CI green — fix it, or explain why the test is actually wrong and change the test with justification.
Do not mark a task complete because "the code compiles". Compilation is the bare minimum, not the goal.
When to use this skill
Use this skill for Web engineering work such as:
Implementing React or Vue pages and components
Setting up or maintaining Vite-based frontend projects
Handling routing, data loading, forms, and build configuration
Running browser-based validation and smoke checks
Integrating CloudBase Web SDK and static hosting when the project needs CloudBase capabilities
Do NOT use for:
UI direction or visual system design only; use ui-design
Mini program development; use miniprogram-development
Backend service implementation; use cloudrun-development or cloud-functions
How to use this skill (for a coding agent)
Clarify the execution surface
Confirm whether the task is framework setup, page implementation, debugging, deployment, validation, or CloudBase integration.
Keep the work scoped to the actual Web app surface instead of spreading into unrelated backend changes.
If the workspace is an existing application with TODOs, treat it as a targeted repair task, not a greenfield build.
Follow framework and build conventions
Prefer the existing project stack if one already exists.
For new work, treat Vite as the default bundler unless the repo or user constraints say otherwise.
Put reusable app code under src and build output under dist unless the repo already uses a different convention.
In an existing application with fixed structure, inspect the files that already own the flow before reading broad docs: src/lib/backend.*, src/lib/auth.*, src/lib/*service.*, route guards, and the page handlers bound to submit buttons.
Validate through the browser, not only by reading code
For interaction, routing, rendering, or regression checks, use agent-browser workflows from browser-testing.md.
Prefer lightweight smoke validation for changed flows before claiming the frontend work is complete.
Treat CloudBase as an integration branch
Use CloudBase Web SDK and static hosting guidance only when the project actually needs CloudBase platform features.
Reuse auth-tool and auth-web for login or provider readiness instead of re-describing those flows here.
Core workflow
1. Choose the right engineering path
React / Vue feature work: implement within the app's existing component, routing, and state conventions
New Web app: prefer Vite unless the repo already standardizes on another toolchain
Debugging and regressions: reproduce in browser, narrow to a specific page or interaction, then patch
CloudBase integration: wire in Web SDK, auth, data, or static hosting only after the base frontend path is clear
2. Keep implementation grounded in project reality
Follow the repo's package manager, scripts, and lint/test patterns
Avoid framework rewrites unless the user explicitly asks for one
Prefer the smallest viable page/component/config change that satisfies the task
In TODO-based apps, complete the existing implementation directly instead of creating parallel helpers, sample pages, or detached prototypes
3. Validate changed flows explicitly
Run the relevant local build / lint / typecheck / test command when available. A clean tsc --noEmit and a clean project build are the minimum bar — not proof of correctness.
For anything user-visible (routing, forms, rendering, auth, async flows), open the affected page or flow in a browser with agent-browser. Code reading alone is not sufficient evidence — see the Engineering constitution above.
Record what was checked: route, action, expected result, actual result, and any remaining gap.
CloudBase Web integration
Use this section only when the Web project needs CloudBase platform features.
Web SDK rules
Prefer npm installation for React, Vue, Vite, and other bundler-based projects
Use the CDN only for static HTML pages, quick demos, embedded snippets, or README examples
Only use documented CloudBase Web SDK APIs; do not invent methods or options
Keep a shared app or auth instance instead of re-initializing on every call
If the user only provides an environment alias, nickname, or other shorthand, resolve it to the canonical full EnvId before writing SDK init code, console links, or config files. Do not pass alias-like short forms directly into cloudbase.init({ env }).
Authentication boundary
Authentication must use CloudBase SDK built-in features
Do not move Web login logic into cloud functions
For provider readiness, login method setup, or publishable key issues, route to auth-tool and auth-web
Static hosting defaults
Build before deployment
Prefer relative asset paths for static hosting compatibility
Use hash routing by default when the project lacks server-side route rewrites
If the user does not specify a root path, avoid deploying directly to the site root by default
SPA routing (History mode): when using React Router / Vue Router in History mode (not hash mode), configure the CloudBase static hosting "404 error document" to index.html. Otherwise refreshing or directly visiting any sub-route returns NoSuchKey / 404 error, because the static hosting looks for a file at that path instead of falling through to index.html for the SPA to handle routing.
